Hi, I am setting up a mysql database, with two tables. One keeps the user authentication info such as user name, password and user level. The other table with contains files for upload and download. Is there a good way to setup the user authentication table so it can check appropriate user rights (user level) then provide the appropriate upload or download page?
I came up with a scheme as follows, userlevel unsigned tinyint not null primary key, username char(8) not null, userpass char(16) not null I can store user passwords using MySQL's password encryption. But when I need to access the upload/download table I need to somehow notify the database that what level of access the user has. If I set userlevel=1 (or any number) after succesful authentication in the script, I would compromised the other table. As hackers can change userlevel in the php script without going through the authentication. Can someone please provide me a couple of pointers how I go about setting up my database? TIA. Regards, Norman --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php